Security

Reply
MVP
Posts: 1,110
Registered: ‎10-11-2011

Create Fingerprints

Is there any way to create custom device fingerprints?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Regular Contributor I
Posts: 162
Registered: ‎04-11-2011

Re: Create Fingerprints

You will need to turn on DHCP debugging to see what DHCP fingerprint the device is passing.  You can they write your derivation rules based on those fingerprint strings.

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Create Fingerprints

Are you referring to setting up dhcp fingerprinting on a controller? I'm looking to do this in Clearpass for wired and wireless devices.

I want to be able to take multiple attributes that identify a device and use it to recognize devices in my network that aren't in the fingerprint dictionary. I'm trying to avoid adding all of these devices to static host lists or the endpoint repository.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 19,961
Registered: ‎03-29-2007

Re: Create Fingerprints

Compnerd, 

 

You can open a TAC case for any fingerprints that don't appear in the database.  We have to QA them before they are added, however.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Create Fingerprints

I've posted an "Idea" to create custom fingerprints:

 

http://community.arubanetworks.com/t5/Products-and-Technology/ClearPass-Create-Endpoint-Fingerprints/idi-p/64660

 

Please kudos the suggestion if you like it.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
MVP
Posts: 702
Registered: ‎03-25-2009

Re: Create Fingerprints


cjoseph wrote:

Compnerd, 

 

You can open a TAC case for any fingerprints that don't appear in the database.  We have to QA them before they are added, however.


 

Why isn't there an option to create your own fingerprints? Passing any and all such requests through TAC seems like a major waste of time? And honestly, what customer can wait for your QA process?

 

Gave kudos for your idea there compnerd.. maybe there is a valid reason why we can't add those fingerprints ourselves but thazt reason elludes me.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 19,961
Registered: ‎03-29-2007

Re: Create Fingerprints


koenv wrote:

cjoseph wrote:

Compnerd, 

 

You can open a TAC case for any fingerprints that don't appear in the database.  We have to QA them before they are added, however.


 

Why isn't there an option to create your own fingerprints? Passing any and all such requests through TAC seems like a major waste of time? And honestly, what customer can wait for your QA process?

 

Gave kudos for your idea there compnerd.. maybe there is a valid reason why we can't add those fingerprints ourselves but thazt reason elludes me.


That is not true.  It is much more than just adding signatures; there is a QA process to make sure that no other devices have the similar signature as well as put them into categories that can also be used in the auth process.  Signatures are updated constantly and automatically in CPPM and it does not take months; it happens fairly quickly.

 

In my opinion, the majority of the users just want signatures to be there, correct and categorized properly.  They do not want to be creating it themselves.  On the controller side, identifying, creating and ensuring that duplicate devices do not have the same signatures takes some work, sometimes and can be frustrating.  I would rather allow Aruba to qualify the signatures so that devices can be identified and categorized properly.  For every user that wants to create their own signature, there are 100 that just want it to work properly.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Create Fingerprints

I can certainly see the benefit in having Aruba vet the signatures, but I think flexibility would be nice.  I believe Cisco saw the need for this which is why it's available in ISE.

 

As far as endpoing profile fingerprints go, my understanding is that they're updated monthly.  I submitted a fingerprint for a Polycom phone and an engineer in Sunnyvale indicated that the fingerprint would not make it in until the end of the month when the the endpoint profile fingerprints are updated.  This falls in line with what I've seen under Software Updates.  The "last updated" time has been falling on the last day of the month consistently.  IMO, this is too long.  I'm sure there's a reason for it, though.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 19,961
Registered: ‎03-29-2007

Re: Create Fingerprints

Please open a feature request in the ideas portal.

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: